IronNet Has Shut Down - Schneier on Security

IronNet Has Shut Down

After retiring in 2014 from an uncharacteristically long tenure running the NSA (and US CyberCommand), Keith Alexander founded a cybersecurity company called IronNet. At the time, he claimed that it was based on IP he developed on his own time while still in the military. That always troubled me. Whatever ideas he had, they were developed on public time using public resources: he shouldn’t have been able to leave military service with them in his back pocket.

In any case, it was never clear what those ideas were. IronNet never seemed to have any special technology going for it. Near as I could tell, its success was entirely based on Alexander’s name.

Turns out there was nothing there. After some crazy VC investments and an IPO with a $3 billion “unicorn” valuation, the company has shut its doors. It went bankrupt a year ago—ceasing operations and firing everybody—and reemerged as a private company. It now seems to be gone for good, not having found anyone willing to buy it.

And—wow—the recriminations are just starting.

Last September the never-profitable company announced it was shutting down and firing its employees after running out of money, providing yet another example of a tech firm that faltered after failing to deliver on overhyped promises.

The firm’s crash has left behind a trail of bitter investors and former employees who remain angry at the company and believe it misled them about its financial health.

IronNet’s rise and fall also raises questions about the judgment of its well-credentialed leaders, a who’s who of the national security establishment. National security experts, former employees and analysts told The Associated Press that the firm collapsed, in part, because it engaged in questionable business practices, produced subpar products and services, and entered into associations that could have left the firm vulnerable to meddling by the Kremlin.

“I’m honestly ashamed that I was ever an executive at that company,” said Mark Berly, a former IronNet vice president. He said the company’s top leaders cultivated a culture of deceit “just like Theranos,” the once highly touted blood-testing firm that became a symbol of corporate fraud.

There has been one lawsuit. Presumably there will be more. I’m sure Alexander got plenty rich off his NSA career.

Tags: , ,

Posted on October 11, 2024 at 7:08 AM10 Comments

Comments

Clive Robinson October 11, 2024 10:32 AM

With regards,

“[I]t was never clear what those ideas were. IronNet never seemed to have any special technology going for it.”

Remember,

1, Bosses put their names on juniors patents and thus claim entitlement.

2, The NSA has peculiar rules that enable them to claim “prior art” without proof.

Thus stealing peoples ideas would be very easy for a man in his position, and he could talk about them confidentially to investors as if they were his own.

The hard part however would be actually using the ideas without those who actually thought them up finding out and “making claim”.

So I’m guessing he was not smart enough to “make product” on others IP in a way he could get away with it. But he sure could talk up a nice income out of it, didn’t he say a $million/month at one point?

Richard Bejtlich October 11, 2024 10:44 AM

Not dead yet! (Cue the Monty Python skit.)

https://www.newsweek.com/ironnet-boss-responds-russian-conspiracy-1965995

“Pienaar has since helped IronNet scale-down into a smaller, private outfit and believes the company still can still play a crucial role in the cybersecurity space, despite its difficulties in the public market.

“The mission with IronNet continues,” Pienaar said. “It’s back under private ownership as it should have been. It’s kept all its customers. It’s doing some very important work to defend us, both the U.S. and U.S. allies from cyberattacks and we are optimistic about the company’s future.”

wiredog October 11, 2024 11:08 AM

“he developed on his own time while still in the military. That always troubled me. Whatever ideas he had, they were developed on public time using public resources”

Well, his claim is that he developed it on his time using his resources, not on duty using military resources. Lots of people in the military have side gigs.

Ray Dillinger October 11, 2024 12:06 PM

I strongly disagree with the idea that it is impossible for someone to develop independent ideas while also in full-time employment – even employment in the military.

I’ve worked at places where I came up with relevant ideas and the executives made a specific decision to not develop them. It happens, I have no doubt that it also happens in military service, and there’s nothing wrong with developing them independently.

Of course, independently means using your own machinery and your own time but there is nothing preventing full-time service members from having at least some of both, the same way I owned home computers and laptops that I never connected to my workplace’s systems.

That said, if your “independent idea” is simply to say you’ve developed independent intellectual property and sucker a bunch of people into investing in it, that doesn’t really test the question of whether it is possible or ethical to actually develop independent intellectual property that might be a worthwhile investment.

Williams_Brother_Thomas October 11, 2024 3:05 PM

For some reason this reminded me of Jonathan Frakes dressing up as Riker and selling some sort of enterprise automation system. If you don’t know what I’m talking about, you can see it on Youtube (watch?v=IzUX_1jaO_I)

The era of low interest rates kept way too many uncompetitive businesses afloat. We haven’t dealt with that fully just yet.

Agreements about confidentiality, intellectual property and non-competition are so very common in the private sector. It’s almost as if anytime something “worth knowing” is disclosed by a private organization, the people to whom the disclosure is made must give their prior agreement not to do anything with that information that the disclosing party finds objectionable.

Why doesn’t the public sector have the same expectations of public servants?

Francis Mayer October 12, 2024 1:55 PM

The lesson learned should be that ethics is everything. I had to get legal clearance just to take a teaching job at a community college after my military retirement. The people who cleared the general for this enterprise post retirement are partially to blame if anything was amiss. Regardless The ethics of misleading people and leaving your workers with nothing is obviously not up to standard for an officer who should exemplify duty, honor, country. This is one more data point that shows that neither rank or reputation should override hard business fundamentals. Did the investors study the business plans with a critical eye when buying into this enterprise? Did investors demand detailed status reporting with clear and accurate measures of sucess, assets, and liabilities? It does not appear that they fulfilled any of their responsibilities for due diligence.

Steve October 12, 2024 4:52 PM

From the AP article linked by Bruce:

“I’m honestly ashamed that I was ever an executive at that company,” said Mark Berly, a former IronNet vice president. He said the company’s top leaders cultivated a culture of deceit “just like Theranos,” the once highly touted blood-testing firm that became a symbol of corporate fraud.

That’s an idea easy to come up with on your own time.

James D. October 15, 2024 1:49 PM

@Gilbert Fernandes
They got MASSIVELY rooted and played by the Russian secret service.

Esp. ironic for a “cybersecurity” company

Leave a comment

All comments are now being held for moderation. For details, see this blog post.

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.